Hacker group blamed for publicising MI5 site security flaws fight back against papers

According to weekend newswire reports, the hacking group was so incensed about the reports that it went on a public relations offensive against the websites of the Daily Express and the Telegraph.

Forum reports suggest that Team Elite - whose main role appears to be reporting on cross-site scripting errors on websites, and suggesting that site owners fix them - is upset that it have been associated with the MI5 site hacking issue.

Although the hacking group has previously been involved with XSS flaws on a number of sites, including Kaspersky Lab, Paypal and Symantec, it claim to have identified a non-persistent and minor security flaw on the MI5 website on 21 July.

Thesecurity flaw was subsequently patched, Infosecurity notes.

The story was apparently picked up in the Daily Express on 30 July but, say the hacking group, was significantly overhyped and distorted the threat issues involved.

Unfortunately for Team Elite, the Express story was picked up by other newswires, who apparently portrayed the hacking group as looking to attack site visitors and collate their personal data.

The story was also picked up by the Telegraph in a story headlined as "Identity theft hackers attack MI5 website."

`Vector,' a member of Team Elite, then posted details of an XSS flaw on the newspaper's website, which he illustrated by changing a site page to say: "Did you know our newspaper is full of lies? We call people who report errors 'identity thieves'? The only identity thieves are the news reporters from this website."

According to a weekend blog posting by Vector, he wondered why the Telegraph calls the group `Identity thief hackers' when they just report XSS bugs.

"So I searched their website for answers. This is the answer I found: their website is also vulnerable to same bugs."

The papers have not formally responded to the allegations, but in hacking the newspaper site, the group may well have overstepped the mark, as gaining unauthorised access to the newspaper site - for whatever reason - is a breach of the Computer Misuse Act, Infosecurity notes.